Further research into failed Mylyn and client certificates integration
As you may have read on this blog before, I’ve been trying to marry Mylyn to the company-provided Trac server. This integration has been unsuccessful up to now, as I receive a handshake_failure every time I try to validate the settings:
I’ve decided to try and get to the bottom of this. I’ve fired up Wireshark and made network traces of the connection. So far, I’ve found one interesting item: it seems that the certificate is not being sent at all! That is: if my understanding of the TLS RFC is correct. The RFC states:
7.4.6. Client certificate
When this message will be sent:
This is the first message the client can send after receiving a
server hello done message. This message is only sent if the
server requests a certificate. If no suitable certificate is
available, the client should send a certificate message
containing no certificates. If client authentication is required
by the server for the handshake to continue, it may respond with
a fatal handshake failure alert. Client certificates are sent
using the Certificate structure defined in Section 7.4.2.
And this is what I’ve seen in Wireshark:

I get the feeling that the problem may be centered around the fact that my client certificate is protected with a password. I’m gonna get to the bottom of this…
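The RFC passage quoted above distinguishes between no Certificate message at all and a Certificate message carrying an empty list, and that difference can be read straight from the captured bytes. The Python below is an added example, not part of the original post: it assumes the raw client-to-server bytes of one connection as input, and the function names and sample byte strings are constructed for illustration.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20  # record content types
CERTIFICATE = 11                        # handshake msg_type of Certificate

def u24(buf, off):
    """Read a 3-byte big-endian length field."""
    return int.from_bytes(buf[off:off + 3], "big")

def plaintext_handshake(stream):
    """Join handshake record payloads sent before ChangeCipherSpec."""
    out, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == CHANGE_CIPHER_SPEC:
            break  # everything after this record is encrypted
        if ctype == HANDSHAKE:
            out += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    return out

def client_cert_count(stream):
    """None: no Certificate message; 0: empty list; n: certificates sent."""
    hs, pos = plaintext_handshake(stream), 0
    while pos + 4 <= len(hs):
        msg_type, length = hs[pos], u24(hs, pos + 1)
        body = hs[pos + 4:pos + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake message")
        if msg_type == CERTIFICATE:
            if length < 3 or u24(body, 0) != length - 3:
                raise ValueError("bad certificate_list length")
            off, count = 3, 0
            while off < length:          # each entry: 3-byte length + DER
                off += 3 + u24(body, off)
                count += 1
            if off != length:
                raise ValueError("certificate entry overruns list")
            return count
        pos += 4 + length
    return None

# Constructed samples: TLS 1.0 framing, dummy ClientKeyExchange body, and a
# 5-byte placeholder standing in for a real DER certificate.
TAIL = " 10 000008 0000000000000000  14 0301 0001 01"  # CKE + ChangeCipherSpec
NOT_SENT = bytes.fromhex("16 0301 000c" + TAIL)
EMPTY = bytes.fromhex("16 0301 0013  0b 000003 000000" + TAIL)
ONE = bytes.fromhex("16 0301 001b  0b 00000b 000008 000005 3003020100" + TAIL)
```

A result of `None` corresponds to the client sending no Certificate message, `0` to the "certificate message containing no certificates" case from the RFC text.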